Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36350 | Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication. | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Dell recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular vulnerability.
| CVEs Addressed | | Updated Versions | Link to Update |
| CVE-2021-3712 (OpenSSL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
| CVE-2021-3712 (OpenSSL) | 9.3.0.x | Available from December (or later) RUP | |
| CVE-2021-3712 (OpenSSL) | 9.1.0.x and 9.2.1.x | Download and install the latest RUP | |
| Multiple CVEs (Intel) | All supported OneFS versions | Download and install the latest NFP for your node types | |
| Multiple CVEs (cURL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | |
| Multiple CVEs (cURL) | 9.3.0.x | Download and install December (or later) RUP | |
| Multiple CVEs (cURL) | 9.1.0.x and 9.2.1.x | Download and install the latest RUP | |
| CVE-2021-23336 (Python) | 8.2.1.x, 9.0.0.x, 9.1.1.x, 9.2.0.x | Upgrade your version of OneFS | |
| CVE-2021-23336 (Python) | 9.3.0.x | Download and install December (or later) RUP | |
| CVE-2021-23336 (Python) | 8.2.x, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | |
| CVE-2021-36350 (PowerScale OneFS) | 8.2.1.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | |
| CVE-2021-36350 (PowerScale OneFS) | 9.3.0.x | Download and install December (or later) RUP | |
| CVE-2021-36350 (PowerScale OneFS) | 8.2.2, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | |
Workarounds and Mitigations
| CVEs Addressed | Workarounds or Mitigations |
| CVE-2021-3712 (OpenSSL) | Avoid granting the ISI_PRIV_AUTH_SSH RBAC role to non-administrators. |
| Multiple CVEs (Intel) | None |
| Multiple CVEs (cURL) | None |
| CVE-2021-23336 (Python) | None |
| CVE-2021-36350 (PowerScale OneFS) | Avoid configuring DUO for groups with spaces in their name, until you have patched your OneFS installation. |
Revision History
| Revision | Date | Description |
| 1.0 | 2021-12-06 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Affected Products
PowerScale OneFS, Product Security Information